CVE-2024-20376

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-05-01 17:15

Updated : 2026-01-05 14:57

NVD link : CVE-2024-20376

Mitre link : CVE-2024-20376

CVE.ORG link : CVE-2024-20376

JSON object : View

Products Affected

cisco

ip_phone_6821
ip_phone_7832_with_multiplatform_firmware
ip_phone_7841
ip_phone_7861_with_multiplatform_firmware
ip_phone_7821
ip_phone_6861_with_multiplatform_firmware
video_phone_8875
ip_phone_8841_with_multiplatform_firmware
ip_phone_7832
ip_phone_8811_with_multiplatform_firmware
ip_phone_8845
ip_phone_8841
ip_phone_6861
ip_phone_7811_with_multiplatform_firmware
ip_phone_6871_with_multiplatform_firmware
ip_phone_7841_with_multiplatform_firmware
ip_phone_8851
ip_phone_6841_with_multiplatform_firmware
ip_phone_7821_with_multiplatform_firmware
ip_phone_8832
ip_phone_6851_with_multiplatform_firmware
ip_phone_8865
ip_phone_8865_with_multiplatform_firmware
ip_phone_8861_with_multiplatform_firmware
ip_phone_7811
ip_phone_8851_with_multiplatform_firmware
ip_phone_6821_with_multiplatform_firmware
ip_phone_8861
ip_phone_6841
ip_phone_8811
ip_phone_8832_with_multiplatform_firmware
ip_phone_7861
video_phone_8875_firmware
ip_phone_6851
ip_phone_6871
ip_phone_8845_with_multiplatform_firmware

CWE

CWE-787

Out-of-bounds Write

7.5 /10